DETAILED ACTION

1. This office action is in response to Applicant's amendment filed on January 17, 
2007. 

Election/Restrictions 

2. Applicant's election without traverse of claims 1-19 in the reply filed on January 
17, 2007 is acknowledged. Claims 1-19 are pending. Claims 20-25 are withdrawn from 
consideration. 

Response to Arguments 

3. Applicant's arguments filed January 17, 2005 have been considered but are moot 
in view of the new ground(s) of rejection. In response to the arguments concerning the 
previously rejected claims, the following comments are made: 

4. Regarding the Double Patent rejection Applicant has stated "Applicant's attorney 
notes Examiner's provisional obviousness-type double patenting rejection over 
Application No. 10/119,204" without filing a Terminal Disclaimer. Therefore, the double 
patenting rejection is maintained. 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 
958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, it would have been 
obvious to a person having ordinary skill in the art at the time the invention was made to 
modify the method disclosed by Davis and Zadok with Teppler to secure data stored by 
decrypting all files when the security device is inserted and re-encrypting the data when 
the security device is removed. (section 1. Introduction; Zadok) 

In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

The applicant argued "Davis teaches away from the use of cryptographic 
subsystem because encrypting/decrypting data plays no role in achieving the goal of 
mitigating the likelihood of unauthorized use of an electronic device through periodic 
challenge/response messages." The examiner respectfully disagrees. Davis teaches 
upon establishing a communication link, information is exchanged, normally in 
encrypted format between the security device and the token. Upon the security device 
determining that the token responded correctly the user is granted access to contents of 
the personal network as well as its networked resources. (col. 3, lines 12-27; col. 4, 
lines 2-19) 

The applicant argued, "Davis fails to teach, disclose or suggest wherein the 
request include cryptographic request for cryptographic information and wherein the 
server supplies the cryptographic information in response to the cryptographic requests 
and wherein the cryptographic subsystem utilizes the cryptographic information to either 
encrypt or decrypt the data." The examiner respectfully disagrees. Davis teaches a 
message is defined as information (e.g., data, address, encrypted keys and any other 
information) being transferred in a sequence of one or more cycles like "challenge" and 
"response" message. Davis further teaches upon establishing the communication link 
information is exchanged, normally in an encrypted format between the security device 
and the token. (col. 3, lines 12-27; col. 4, lines 2-19) 

Therefore, all the elements of the claims limitation are explicitly or implicitly or 
inherently suggested and disclosed by the combination of the references on the record 
and the previous rejection remains valid unless and otherwise the Applicant added a 
specific limitation into the present independent claims, to overcome the rejection 
without introducing a new matter. 



Double Patenting 

5. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

Claims 1-19 are rejected on the ground of nonstatutory obviousness-type double 
patenting as being unpatentable over claims 1-14 of copending application 10/119204. 
Although the conflicting claims are not identical, they are not patentably distinct from 
each other because claims 1 and 12 of copending application 10/119204 and claims 1 
and 12 of the instant application are functionally equivalent. The only difference in the 
two applications is that the instant application has in-memory portions of address space 
for an application program or data. Zadok teaches providing in-memory portions of 
address space for an application program. (section 2.1 Key Management) Therefore, it 
would have been obvious to one skilled in the art at the time the invention was made to 
modify the method disclosed by the copending application with Zadok in order to avoid 
storing information related to encryption permanently thereby making the system more 
secure. 

6. This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 

The following table shows the complete mapping of the claims between the 
instant application and the copending application. 



Instant Application 10/608459:
1. A system to maintain application data stored on a portable computer secure, the
system comprising: an authorization client for use on the portable computer for
making requests, the portable computer being capable of providing in-memory
portions of address space for an application program; a security device to be
associated with an authorized user of the portable computer and including an
authorization server for supplying responses to the requests; a communication
subsystem for wirelessly communicating the requests and the responses to the server
and the client, respectively, within a range; and a cryptographic subsystem for
encrypting data located in the in-memory portions of the address space to obtain
corresponding encrypted data when the security device is outside the range of the
communication subsystem and for decrypting the encrypted data when the security
device is back within the range.

Copending application (10/119204):
1. A system to maintain data stored on a portable computer secure, the system
comprising: an authorization client for use on the portable computer for making
requests; a security device to be associated with an authorized user of the portable
computer and including an authorization server for supplying responses to the
requests; a communication subsystem for wirelessly communicating the requests and
the responses to the server and the client, respectively, within a range; and a
cryptographic subsystem for use on the portable computer for encrypting the data to
obtain corresponding encrypted data when the security device is outside the range of
the communication subsystem and for decrypting the encrypted data when the security
device is back within the range.

Instant Application 10/608459:
2. The system as claimed in claim 1 wherein the requests include cryptographic
requests for cryptographic information and wherein the server supplies the
cryptographic information in response to the cryptographic requests and wherein the
cryptographic subsystem utilizes the cryptographic information to either encrypt or
decrypt the data.

Copending application (10/119204):
2. The system as claimed in claim 1 wherein the requests include cryptographic
requests for cryptographic information and wherein the server supplies the
cryptographic information in response to the cryptographic requests and wherein the
cryptographic subsystem utilizes the cryptographic information to either encrypt or
decrypt the data.

Instant Application 10/608459:
3. The system as claimed in claim 1 further comprising means for suspending
substantially all authorized user processes on the computer when the security device
is outside the range and means for restarting the suspended authorized user
processes on the computer when the security device is back within the range.

Copending application (10/119204):
3. The system as claimed in claim 1 wherein the requests include polling requests.

Instant Application 10/608459:
4. The system as claimed in claim 2 wherein the cryptographic information includes
keys.

Copending application (10/119204):
4. The system as claimed in claim 2 wherein the cryptographic information includes
keys.

Application/Control Number: 10/608,459 
Art Unit: 2137 






Instant Application 10/608459:
5. The system as claimed in claim 4 wherein the keys are encrypted.

Copending application (10/119204):
5. The system as claimed in claim 4 wherein the keys are encrypted.

Instant Application 10/608459:
6. The system as claimed in claim 1 further comprising means for suspending selected
authorized user processes on the computer when the security device is outside the
range and means for restarting the selected authorized user processes on the
computer when the security device is back within the range.

Copending application (10/119204):
6. The system as claimed in claim 4 wherein the keys include user and group keys.

Instant Application 10/608459:
7. The system as claimed in claim 1 further comprising a mechanism for establishing
a binding between the portable computer and the security device to ensure that the
security device only responds to a portable computer with a valid binding.

Copending application (10/119204):
7. The system as claimed in claim 1 further comprising a mechanism for establishing
a binding between the portable computer and the security device to ensure that the
security device only responds to a portable computer with a valid binding.

Instant Application 10/608459:
8. The system as claimed in claim 1 wherein the security device is an authorization
token.

Copending application (10/119204):
8. The system as claimed in claim 1 wherein the security device is an authorization
token.

Instant Application 10/608459:
9. The system as claimed in claim 4 wherein the keys include at least one master
key.

Copending application (10/119204):
9. The system as claimed in claim 2 wherein the computer has a low speed memory and
high speed memory and wherein the data stored in the high speed memory is not
encrypted and the data stored in the low speed memory is encrypted.

Instant Application 10/608459:
10. The system as claimed in claim 9 wherein the at least one master key is a
key-encrypting key.

Copending application (10/119204):
10. The system as claimed in claim 2 wherein the cryptographic subsystem includes
encrypted keys and wherein the cryptographic information includes keys for
decrypting the encrypted keys.

Instant Application 10/608459:
11. The system as claimed in claim 2 wherein the cryptographic subsystem includes
encrypted keys and wherein the cryptographic information includes keys for
decrypting the encrypted keys.

Copending application (10/119204):
11. The system as claimed in claim 1 wherein the requests including the polling
requests are encrypted.

Instant Application 10/608459:
12. A method to maintain application data stored on a portable computer secure, the
method comprising: providing an authorization client for use on the portable
computer for making requests, the portable computer being capable of providing
in-memory portions of address space for an application program; providing a security
device to be associated with an authorized user of the portable computer and
including an authorization server for supplying responses to the requests;
wirelessly communicating the requests and the responses to the server and the
client, respectively, within a range; encrypting data located in the in-memory
portions of the address space to obtain corresponding encrypted data when the
security device is outside the range; and decrypting the encrypted data when the
security device is back within the range.

Copending application (10/119204):
12. A method to maintain data stored on a portable computer secure, the method
comprising: providing an authorization client for use on the portable computer for
making requests; providing a security device to be associated with an authorized
user of the portable computer and including an authorization server for supplying
responses to the requests; wirelessly communicating the requests and the responses
to the server and the client, respectively, within a range; encrypting the data to
obtain corresponding encrypted data when the security device is outside the range;
and decrypting the encrypted data when the security device is back within the range.

Instant Application 10/608459:
13. The method as claimed in claim 12 further comprising suspending substantially
all authorized user processes on the computer when the security device is outside
the range and restarting the suspended authorized user processes on the computer
when the security device is back within the range.

Copending application (10/119204):
13. The method as claimed in claim 12 wherein the requests include cryptographic
requests for cryptographic information and wherein the server supplies the
cryptographic information in response to the cryptographic requests and wherein the
cryptographic information is used to either encrypt or decrypt the data.

Instant Application 10/608459:
14. The method as claimed in claim [illegible] wherein the requests include
cryptographic requests for cryptographic information and wherein the server supplies
the cryptographic information in response to the cryptographic requests and wherein
the cryptographic information is used to either encrypt or decrypt the data.

Copending application (10/119204):
14. The method as claimed in claim 12 further comprising establishing a binding
between the portable computer and the security device to ensure that the security
device only responds to a portable computer with a valid binding.

Instant Application 10/608459:
15. The method as claimed in claim 12 further comprising establishing a binding
between the portable computer and the security device to ensure that the security
device only responds to a portable computer with a valid binding.

Instant Application 10/608459:
16. The method as claimed in claim 12 further comprising suspending selected
authorized user processes on the computer when the security device is outside the
range and restarting the selected authorized user processes on the computer when the
security device is back within the range.

Instant Application 10/608459:
17. The method as claimed in claim 14 wherein the cryptographic information includes
keys.

Instant Application 10/608459:
18. The method as claimed in claim 17 wherein the keys include at least one master
key.

Instant Application 10/608459:
19. The method as claimed in claim 18 wherein the at least one master key is a
key-encrypting key.


Claim Rejections - 35 USC § 103 



7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 1-6, 8, 11-14 and 16-17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Davis et al. (hereinafter Davis) U.S. Patent 6,088,450 in view of 
Zadok et al., Cryptfs: A Stackable Vnode (hereinafter Zadok) and in view of Teppler 
U.S. Patent 6,792,536. 

As per claims 1 and 12: 

Davis teaches a system to maintain application data stored on a portable 
computer secure, the system comprising: 




an authorization client for use on the portable computer for making requests, the 
portable computer being capable of providing in-memory portions of address space for 
an application program; (figure 1, item 110; col. 2, lines 40-45) 

a security device to be associated with an authorized user of the portable 
computer and including an authorization server for supplying responses to the requests; 
(figure 1, item 120; col. 3, lines 45-48) 

a communication subsystem for wirelessly communicating the requests and the 
responses to the server and the client, respectively, within a range; (figure 1, item 140; 
col. 3, line 66-col. 4, line 2) and 

a cryptographic subsystem for encrypting and decrypting data; (col. 3, lines 12- 
27; col. 4, lines 2-19) 

Davis does not explicitly disclose providing in-memory portions of address space 
for an application program or data. Zadok teaches providing in-memory portions of 
address space for an application program. (section 2.1 Key Management) Therefore, it 
would have been obvious to one skilled in the art at the time the invention was made to 
modify the method disclosed by Davis with Zadok in order to avoid storing information 
related to encryption permanently thereby making the system more secure (section 1. 
Introduction; Zadok) 

Both references do not explicitly disclose encrypting data when the security 
device is outside the range of the communication subsystem and for decrypting the 
encrypted data when the security device is back within the range. Teppler in analogous 
art, however, discloses encrypting data when the security device is outside the range of 
the communication subsystem and for decrypting the encrypted data when the security 
device is back within the range. (col. 35, lines 25-47) Therefore, it would have been 
obvious to one skilled in the art at the time the invention was made to modify the 
method disclosed by Davis and Zadok with Teppler in order to mitigate the likelihood of 
unauthorized use of an electronic device by periodically checking for credential. (col. 1, 
lines 25-28; Davis) 

As per claims 2 and 13-14: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. In addition, Davis further discloses a system wherein the requests 
include cryptographic requests for cryptographic information and wherein the server 
supplies the cryptographic information in response to the cryptographic requests and 
wherein the cryptographic subsystem utilizes the cryptographic information to either 
encrypt or decrypt the data. (col. 6, line 51-col. 7, line 10) 

As per claims 3, 6 and 16: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. In addition, Davis further discloses a system comprising means for 
suspending substantially all authorized user processes on the computer when the 
security device is outside the range and means for restarting the suspended authorized 
user processes on the computer when the security device is back within the range. (col. 
6, lines 33-34) 

As per claims 4 and 17: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. In addition, Davis further discloses a system wherein the 
cryptographic information includes keys. (col. 5, lines 34-49) 

As per claims 5 and 11: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. In addition, Davis further discloses a system wherein the keys are 
encrypted. (col. 3, lines 35-37) 

As per claim 8: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. In addition, Davis further discloses a system wherein the security 
device is an authorization token. (Abstract) 

9. Claims 7 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis et al. (hereinafter Davis) U.S. Patent 6,088,450 in view of Zadok et al., Cryptfs: A 
Stackable Vnode (hereinafter Zadok) and in view of Teppler U.S. Patent 6,792,536 and 
further in view of Tagawa et al. (hereinafter Tagawa) U.S. Patent Number 7,096,504. 

As per claims 7 and 15: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. None of the references explicitly disclose a system comprising a 
mechanism for establishing a binding between the portable computer and the security 
device to ensure that the security device only responds to a portable computer with a 
valid binding. Tagawa in analogous art, however, discloses a system comprising a 
mechanism for establishing a binding between the portable computer and the security 
device to ensure that the security device only responds to a portable computer with a 
valid binding. (col. 7, lines 62-67) Therefore, it would have been obvious to one skilled 
in the art at the time the invention was made to modify the method disclosed by Davis, 
Zadok and Teppler with Tagawa in order to verify the authenticity of both devices and if 
either of the device is invalid to stop the process. (col. 7, line 66; Tagawa) 

10. Claims 9-10 and 18-19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Davis et al. (hereinafter Davis) U.S. Patent 6,088,450 in view of 
Zadok et al., Cryptfs: A Stackable Vnode (hereinafter Zadok) and in view of Teppler 
U.S. Patent 6,792,536 and further in view of Masuda et al. (hereinafter Masuda) U.S. 
Patent Number 6,714,649. 

As per claims 9 and 18: 

The combination of Davis, Zadok and Teppler teaches all the subject matter as 
discussed above. None of the references explicitly disclose a system wherein the keys 
include at least one master key. Masuda in analogous art, however, discloses a system 
wherein the keys include at least one master key. (col. 2, lines 20-24) Therefore, it 
would have been obvious to one skilled in the art at the time the invention was made to 
modify the method disclosed by Davis, Zadok and Teppler with Masuda in order to 
provide a system for enhancing the security of stored data for subsequent use in the 
user device. (col. 2, lines 22-23; Masuda) 

As per claims 10 and 19: 

The combination of Davis, Zadok, Teppler and Masuda teaches all the subject 
matter as discussed above, wherein the at least one master key is a key-encrypting key. 
(col. 2, lines 20-24) 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Shewaye Gelagay 




EMMANUEL L. MOISE 
SUPERVISORY PATENT EXAMINER 




